Sklar Research, Reports & Articles

10 Best Practices Against Cyber Security Threats, Part II

As we discussed in Part I of this series, the protection of sensitive data and patient files is a daily challenge for healthcare facilities in a technologically advanced world. If ignored, these threats can seriously impact the safety of patients and staff, and increase healthcare costs. Herewith, in Part II, we continue with the remaining five targeted areas. Click to review Part I in this series, where we cover Ransomware, Phishing, Malware, mobile devices, and data protection in Class III medical devices.

Encryption Blind Spots

What is it? Hackers and identity thieves take advantage of unprotected sensitive data by accessing one’s network through malware. When decrypted sensitive information transmits between networks, the data becomes a target to hackers monitoring data streams. Encryption blind spots are different than an unsecured decrypted data. EPlus Inc. chief security strategist, Tom Bowers, explains “when it comes to Secure Sockets Layer (SSL) data streams, the devices have no way of interpreting the content of the encrypted traffic and pass through it unchecked, creating a blind spot for your security technologies”1. Because of advanced persistent threats utilizing imbedded malware to infiltrate corporate networks internally, the SSL encryption blind spots are easily identified, and confidential data is stolen.

Who are most vulnerable? Small to large companies using SSL encryption without implementing an SSL decryption solution, security programs that have not been recently updated, unauthorized users gaining access to encrypted data, and weak or unnecessary encrypted data.

How can I prevent this attack? Bowers recommends encrypting data that only contains sensitive information, and to “use an SSL decryption solution and review your security architecture to make sure you are leveraging those capabilities to the fullest extent possible.” As a result, “…data is protected both from unknown malware lurking within your network and any exposure posed from cyber thieves outside your network.”1 He approves program products such as Radware and Gigamon as some of the best on the market for SSL decryption solutions.

Cloud Threats

What is it? Cloud Computing is a remote service for businesses who want to manage, store, and process over a network hosted on the internet. Cloud computing stops businesses from using a local server or personal computer network. While there are several benefits of the cloud (improved collaboration, portability, limitless resources and flexibility), there are risks. The issues vary depending on the selected cloud computing service. The greatest risks, however, affect confidentiality, service provider trust, integrity of service/contract, and encryption. All of which affect a facility’s confidential data.

Who are most vulnerable? Healthcare facilities who use cloud computing services without understanding the risks of cloud threats. As a result, they do not protect their data or properly install encryption security against hackers. Because resources are shared and data is constantly transmitted between different devices, facilities who do not have strong security protection in their cloud service will experience cyber threats.

How can I prevent this attack? Understanding the risks when using cloud computing, implementing a strong encryption system, and having a concise Service Level Agreement that is up to date and clear on the services. Gleamly.com highlights the importance of a clear Service Level Agreement: “when customers have the right level of expectations and the insecurities are deemed manageable, cloud computing as a whole will gain ground and take hold as usable technology.”2 Healthcare facilities using cloud computing benefit from the services, however, they should always be aware of the threats and vulnerabilities within the system.

Employee/Internal Threats

What is it? From intentionally motivated employees to accidental handling of sensitive data, staff pose another threat to healthcare facilities. Internal threats usually parallel employee terminations or frequent employee turnovers. Employees who are motivated financially, or want to harm a company, will access sensitive company data to steal, manipulate, or destroy it. A commercial litigation lawyer, Samuel Felker, explains that these employees are eager to disrupt confidential company data because, “they know their way around the network and…attempt to hide their tracks.”3 Accidental misuse of company data is also an issue. Felker warns not to dismiss “a careless employee” who may “accidently modify critical information or unwittingly share sensitive information by not following established company protocols.”3

Who are most vulnerable? Healthcare facilities who do not have strong security protocols in place for programs and systems employees use to store confidential data. This also includes not requiring new employees to sign an updated non-disclosure agreement before accessing sensitive data. Careless training for new employees also contributes to accidental internal data breaches. Lastly, neglecting to install a monitoring system to record suspicious account activity.

How can I prevent this attack? Install a monitoring system on employee computers and databases. According to Felker, “an effective monitoring system will allow you to track, log, and record account activity and create alerts for quick response when suspicious activity is detected”.3 Additional preventatives measure include requiring new employees to sign non-disclosure agreements.

Data Supply Chains

What is it? Data supply chains are analytical and management machines large facilities use to eliminate manual steps during key operations when channeling new data into independent reports. This network system uses an artificial intelligence system and data collaboration to improve internal data analysis, patient accuracy, and facility operations. Because data supply chains work directly with data and sensitive information, they are more likely to experience cyber-attacks.

Who are most vulnerable? Facilities that implement and utilize a date supply chain without running a vendor risk assessment, researching a reputable and trusted supplier within their budget, or requiring security reports. Facilities that do not define levels of security and data access to their supply chain, or establish terms and conditions in business agreements. Lastly, neglecting to maintain communication and incident response plans with the supplier creates a target for cyber threats and hacks.4

What is it? Patient health records stored on electronic databases are at risk of being compromised. Because sensitive information is stored electronically, IT departments must have strong security systems. Such a breach would cause “delays in treatment, misdiagnosis and inappropriate care. The health data of the imposter is merged with the identity of the real patient, creating serious inaccuracies in health data that can be life-threatening.” (HealthcareITNews.com, 2017)

Who are most vulnerable? Healthcare facilities with a weak IT department and security systems. Similar to vulnerable data supply chains, electronic health information without strong and effective cybersecurity systems is a major target. According to Lenovo Health, “protected health information (PHI) is highly valuable on the black market because it can be used to obtain pharmaceuticals, commit insurance fraud or obtain medical care through channels such as Medicaid and Medicare.”5 Even outdated or unmonitored data systems open up portals for cyber security attacks.

How can I prevent this attack? Establishing and motioning strong electronic security for HER and EMR records. When sharing patient data with healthcare organizations, it’s important to use security approved systems, and implement strong IT solutions. Lenovo Health explains “the success of value-based care demands innovative, reliable health IT solutions”. A secure IT department and an approved patient identifier within the facility and beyond will achieve a goal every healthcare provider aims to serve: “one patient, one identity, one record.”5

Through greater awareness of potential cyber threats and hacks, security has only improved through proactive changes and stronger systems created. From previous cyber security threats, we are able to further identity vulnerable areas in data sharing and employee influence - leading healthcare facilities and their IT department to recognize opportunities to build more effective cyber security systems.